Hackers Find Slim Pickings in Washington Post Attack

Although The Washington Post did get penetrated by hackers for a few days, its systems were largely unaffected by the attack. Still, it was clearly the work of "highly organized people with very clear interests," said Identity Finder's Aaron Titus. "This was an intelligence-gathering operation by somebody interested in intelligence." The Post immediately suspected the Chinese.

By John P. Mello Jr.
12/19/13 5:01 PM PT

For the third time in three years, computers at The Washington Post came under attack by hackers, but this time it seems the paper of record in the U.S. capital was ready for them.

The intrusion targeting the usernames and passwords of Post employees was relatively short in duration -- a few days, at most -- although the magnitude of the breach has yet to be determined, the newspaper reported Wednesday.

However, no subscriber information -- such as credit card numbers or home addresses -- was accessed, the Post reported. The newspaper's publishing and email systems were not hacked, and the personal information of employees, such as Social Security numbers, was not compromised.

Given how rapidly data thieves can nick information from a network, "a few days" may not seem like the fastest of response times, but it is when you consider the average time for discovering breaches is north of 200 days.

"The amount of time you have to respond before some data goes out the door is usually a matter of minutes," Nick Levay, CSO at Bit9, told TechNewsWorld, "but many organizations that deal with targeted attacks don't detect them for months so a few days puts the Post in the upper percentile in response time."

Chinese Connection

As with other attacks on media outlets, such as The New York Times and The Wall Street Journal, the source of this attack was laid on the doorstep of the Chinese.

The Post immediately suspected Chinese hackers were behind the attack, it said in its report, noting that the intrusion originated in a server used by the newspaper's foreign staff but spread to more of the company's servers before being discovered.

In fingering the Chinese, the Post and Mandiant, its security partner, appear to be recognizing attack patterns similar to those used in other media intrusions.

"The reason their suspicions immediately focused on China is they saw similarities in the way the attackers were operating," said Matt Standart, director of threat intelligence with HBGary.

"That's typically how you can detect them sooner, because you've observed them in the past," he told TechNewsWorld.

"Chinese involvement is only speculation, but if I were to put money down on who did it, I'd put my money on the Chinese," Bit9's Levay added.

Not Average Basement Troll

Whether the hackers were Chinese or not, one thing is certain: They did exhibit behaviors attributed to sophisticated actors.

"We're talking about highly organized people -- criminals or state actors -- with very clear interests," said Identity Finder's Aaron Titus. "This was an intelligence-gathering operation by somebody interested in intelligence, and The Washington Post clearly has a lot of intelligence."

It also has a lot of access, which could be another motive for snatching employee usernames and passwords.

"Any breach on media outlets is concerning, as reporters often have credentialed access to government or other secure facilities and portals," said Mike Gross, director of professional services and risk management for 41st Parameter.

"This could cause additional exposure beyond just The Washington Post systems and networks," he told TechNewsWorld.

"Media outlets are also looked upon as a reputable news source and, as we saw with the Syrian Electronic Army attacks this fall, that can have enormous financial impacts if reporters' social media accounts are also compromised, leading to official posts about a bogus attack," he added.

This attack on the Post furthers a trend among hackers.

"We're seeing attackers going after high-profile organizations or after companies with sensitive information that hackers can profit from," Eric Chiu, president and founder of HyTrust, told TechNewsWorld.

"The impact of this breach could be big," he added, "because the attackers could use the stolen credentials to access the Post's data center as system administrators."